Wider Context

Threat · Intel · Hostile recce · Supply chain

Security starts well beyond the fence. We map the threat environment, monitor intelligence and assess the wider context — adjacent buildings, public approach, supply chain — so risks are understood before they reach you.

• Assess
• Plan

• PSPF Counter-Terrorism
• SA HB 167:2025
• ISO 31000
• CASA Part 101 (UAV)

• Security Risk Assessment
• Counter Terrorism Consulting
• Critical Infrastructure Risk Management

Government

Threat assessment of public-domain risks for a high-profile department building — feeds the security risk register.

Industry

Crowded-place risk review for a shopping precinct or office tower with adjacent retail and high pedestrian flow.

Outer Perimeter

Recce deterrence · Fence · Gates · ANPR · HVM

The first physical boundary. Fence selection, vehicle and pedestrian gates, hostile-vehicle mitigation, ANPR, signage and lighting — designed to recognised standards to deter, delay and screen anything approaching the site. Manned-security routines live here too: gate guards, gatehouse staff, visitor reception protocols.

• Design
• Support

• AS 1725
• PAS 68 / IWA 14
• AS 3845
• PSPF Physical

• Protective Security
• Hostile Vehicle Mitigation
• Building Security Consultants
• Physical Security Consulting

Government

Z2 / Z3 site perimeter design — fence rating, vehicle gate ANPR, HVM bollards to ASIO Technical Notes.

Industry

Distribution centre perimeter — chainlink with anti-climb topping, ANPR-driven vehicle access, integrated PIDS.

Inner Perimeter

CCTV · Lighting · Access · PIR · Guards & patrols

Inside the fence: cameras, lighting, sensors, card readers, biometric access, intrusion detection and alarm monitoring — plus the manned-security layer that ties them together. Control-room operators, mobile patrols, gatehouse staff, response routines and the audit of how well they actually perform. Technology detects; guards decide and respond.

• Design
• Support
• Assure

• AS/NZS 62676
• AS/NZS 2201
• AS 1158
• ISM controls
• Security Industry Act (state)
• ASIAL Class 1 / 2 licensing

• Security Camera & CCTV Consultant
• Electronic Security
• Duress Alarms
• Managed Security Service Provider

Government

CCTV, access-control and manned-guarding review for an agency precinct — vendor-neutral spec, control-room SOPs, patrol-route audit and guard-licence verification.

Industry

Multi-site CCTV upgrade and manned-security audit — gap analysis, MSSP performance review, patrol-route effectiveness, guard-licensing and uniform-presence checks.

Building Envelope

Walls · Doors · Windows · Locks · Key control · Internal controls

The physical fabric of protection: walls, doors, windows, locks, key control and internal secure-area boundaries. We match each treatment to the risk, from rated doors and glazing to restricted keyways, access-controlled risers and ceiling-void barriers. The aim is simple: make the building fabric support the operating model, not quietly undermine it.

• Design
• Support
• Assure

• AS 3555 forced-entry resistance
• AS 5039 security doors / windows
• AS 5040 installation of security doors / grilles
• AS 4145 locksets
• AS 2208 safety glazing
• BCA / NCC fire compartmentation
• AS 1428 accessibility
• ASIO Technical Notes (Z3 / Z4 / Z5)
• PSPF Physical Security

• Building Security Consultants
• Security Design Consulting
• Security Audits
• Electronic Security

Government

Z3 / Z4 fitout package covering wall ratings, SCEC-endorsed doors and locks, glazing, key control, internal partitions and riser access.

Industry

Bank or corporate envelope upgrade covering rated doors, protective glazing, restricted keys, key cabinets and back-of-house access controls.

The Asset

Reception · Working zones · Secure room · Continuity

The thing you are protecting — and the people who use it. Internal access control, secure rooms, awareness training, business continuity and recovery planning so the operation continues even when controls fail.

• Plan
• Support
• Assure

• PSPF Z1-Z5
• ISO 22301
• ISO 22361
• AS 3745
• ISM access controls

• Business Continuity Consultants
• Crisis Management
• Emergency Management
• IT Disaster Recovery Planning
• Security Awareness Training

Government

Departmental BCP, evacuation procedures and security-awareness program tied to PSPF reporting.

Industry

Multi-site continuity, crisis management and awareness program for a corporate or healthcare operator.

Wider Context

Open-source intel · Supply-chain info exposure

Outside the fence, information leaks through public-domain channels: tendering disclosures, supplier breaches, social media. We assess what your organisation reveals about itself and where adversaries pick that up.

• Assess

• PSPF Information Security
• ISM Cyber Threat Intelligence
• ISO 27036 supplier security

• Security Risk Assessment
• Counter Terrorism Consulting

Government

Pre-procurement OSINT review for a sensitive department program — what an adversary could learn from the open record.

Industry

M&A target diligence — public exposure of trade secrets, executive PII and IP across the supply base.

Outer Perimeter

Visitor signage · Public-facing comms · Mail screening

Information leaves and enters the site at the perimeter: visitor signage, lobby notices, mail and parcel screening, public-facing comms boundaries. Where an outsider first sees — or sends — something into your information environment.

• Design
• Support

• PSPF Information Security
• AS 4801 mail-handling guidance

• Protective Security
• Building Security Consultants

Government

Front-of-house signage and visitor-handling review for an agency — no inadvertent disclosure of OFFICIAL:Sensitive information at reception.

Industry

Mail and parcel screening protocol design for a corporate HQ — bomb, biological and information-leak vectors.

Inner Perimeter

Comms cabinets · ICT racks · Cable trays

The places information physically moves around the site: comms cabinets in the inner perimeter, fibre runs, cable trays, riser cupboards. Often forgotten in security audits — and a goldmine for an insider with toolbox access.

• Assess
• Design

• ISM Communications Security
• AS/NZS ISO/IEC 11801 cabling
• PSPF Information Security

• Security Audits
• Electronic Security

Government

Comms-room and cable-pathway audit for a Commonwealth tenancy — physical access controls, tamper detection.

Industry

Distribution centre comms-cabinet and cable-tray hardening — locks, alarms, segregation from operations staff.

Building Envelope

SCIF walls · Acoustic ratings · Secure storage

For PROTECTED, SECRET and TOP SECRET information, the building envelope itself becomes a control: SCIF wall constructions, acoustic separation, RF shielding, Class B and C containers, AS 3555 forced-entry doors. The fabric of the building becomes part of the information control.

• Design
• Support

• ASIO Technical Notes 5/12 SCIF
• PSPF Information Security
• ISM physical security
• AS 3555

• Security Design Consulting
• Building Security Consultants
• Security Audits

Government

SCIF design package for a SECRET-level workspace — wall ratings, RF, acoustic, container schedule for SCEC-endorsed certification.

Industry

Secure-room design for a corporate forensic workspace — container schedule, acoustic separation, anti-tamper monitoring.

The Asset

Classified handling · Clean desk · Document destruction

At the asset itself: classified-document handling procedures, clean-desk policy, secure printing, document destruction (NAID AAA), need-to-know workflow. The day-to-day routines that decide whether your investment in walls and locks actually protects anything.

• Plan
• Support
• Assure

• PSPF Information Security
• ISM Information Management
• NAID AAA destruction

• Security Awareness Training
• Cyber Security Awareness Training
• Security Audits

Government

PSPF Information Security uplift program — handling, clean-desk, secure-print, awareness, audit, evidence pack.

Industry

Corporate IP-protection program — sensitive-document workflows, destruction contracts, awareness, board-level KPIs.

Wider Context

External threat intel · Internet boundary

Beyond the perimeter, the threat environment for technology is the public internet, supplier ecosystems, and intelligence on adversary tradecraft. We feed this into your protective monitoring and architecture decisions.

• Assess
• Plan

• ACSC Threat Reports
• ISM Cyber Threat Intelligence
• NIST CSF
• PSPF Cyber

• Security Risk Assessment
• Critical Infrastructure Risk Management

Government

Cyber-threat profile for a SOCI-regulated entity — sector-specific threats and TTPs feeding the architecture risk register.

Industry

Sector cyber-threat brief for an ASX board — adversary TTPs, recent precedents, exposure mapping.

Outer Perimeter

DMZ · Public-facing services · WAF

The "outer perimeter" of technology is the network edge: DMZ, public-facing services, WAF, edge gateways. The first decision is what is allowed in or out of your environment at all.

• Design
• Support

• ISM gateway controls
• ACSC Essential Eight
• PSPF Cyber

• Electronic Security
• Managed Security Service Provider

Government

Gateway and DMZ architecture review against ISM controls — internet-exposed surface and patching cadence.

Industry

External attack-surface review and Essential Eight maturity uplift roadmap for a mid-market ASX listed entity.

Inner Perimeter

Network segmentation · Sensors · NDR

Inside the perimeter, technology controls become detection and segmentation: network sensors, NDR, micro-segmentation, EDR, SIEM. The same idea as CCTV and motion sensors — but for packets and processes.

• Design
• Support
• Assure

• ISM detection controls
• NIST 800-94
• ACSC Information Security Manual

• Managed Security Service Provider
• Security Audits

Government

Internal segmentation and detection-uplift design for a federal agency — east-west traffic visibility and alert tuning.

Industry

OT/IT segmentation and monitoring program for a critical-infrastructure operator — Purdue-aligned zones and conduits.

Building Envelope

Server room hardening · KVM · Racks

The physical fabric of the technology stack: server-room construction, environmental controls, rack locks, KVM and out-of-band, cabling integrity. If the room itself isn’t controlled, every logical control above it is on shaky ground.

• Design
• Support

• TIA-942 data centre
• ISM physical security
• AS 3555

• Security Design Consulting
• Building Security Consultants

Government

Server-room and on-prem rack security review for a Commonwealth entity — physical access, monitoring, environmental.

Industry

Edge data-room hardening for a hospital network — locks, alarms, environmental, vendor-access controls.

The Asset

Critical systems · IAM · Segregation of duties

At the asset, technology controls are the most sensitive: identity and access management, privileged access, segregation of duties, system-of-record protection, and the recovery posture if any of it goes wrong.

• Plan
• Support
• Assure

• ACSC Essential Eight
• ISM IAM controls
• ISO 22301
• PSPF Cyber

• IT Disaster Recovery Planning
• Cyber Security Awareness Training
• Business Continuity Consultants

Government

Crown-jewel systems-protection review and DR exercise for a federal regulator — IAM, privileged access, recovery time.

Industry

Crown-jewel systems and IAM review for an ASX-100 — privileged access, joiner/mover/leaver, recovery posture.

Wider Context

Pre-employment screening · Supplier vetting

Before someone ever reaches the fence, the personnel control is upstream: pre-employment screening, identity proofing, supplier vetting, contractor pre-qualification. Most insider risk is set up here, not at the gate.

• Assess
• Plan

• PSPF Personnel
• AGSVA clearances
• AS 4811 Workforce screening
• ISO 27036 supplier security

• Security Risk Assessment
• Security Awareness Training

Government

Workforce-screening uplift to PSPF Personnel for a Commonwealth entity — onboarding, ongoing suitability, supplier alignment.

Industry

AS 4811-aligned workforce screening for a financial-services operator — risk-tiered roles, supplier flow-through.

Outer Perimeter

Visitor pass · Contractor escort · Day-pass tracking

At the outer perimeter the personnel control is access entitlement: visitor passes, contractor escort rules, day-pass tracking, vehicle-occupant verification at the gate. Who gets through the fence — and who is escorting them?

• Design
• Support

• PSPF Personnel
• ISM physical access
• AS 4811 visitor control

• Protective Security
• Physical Security Consulting

Government

Visitor-management and contractor-escort SOP design for a high-profile government building — verifiable, auditable, scalable.

Industry

Contractor-management overhaul for a multi-site operator — pre-qualification, induction, day-pass audit trail.

Inner Perimeter

Baseline clearance · PASS card · Escort · Duress alarms

Inside the fence, personnel controls become clearance- and badge-driven: Baseline clearance for general staff, PASS-card systems, anti-passback, escort rules for cleared-but-not-need-to-know visitors. This is also where staff-protection controls live — duress alarms at workstations, safe-room signage, lone-worker monitoring for after-hours and remote staff.

• Design
• Support
• Assure

• PSPF Personnel
• AGSVA Baseline
• ISM access controls
• WHS Act 2011
• AS 4485 Workplace duress

• Electronic Security
• Security Audits

Government

PASS-card and escort-rule audit for an agency tenancy — alignment of access entitlements with current clearances.

Industry

Access-card lifecycle review for a corporate tenant — joiner/mover/leaver, anti-passback, audit-trail integrity.

Building Envelope

NV1 access · SCIF brief · Need-to-know

For protected workspaces, the envelope-level personnel control steps up: NV1 / NV2 clearance verification, SCIF security briefings, need-to-know enforcement, two-person rules for higher categories.

• Plan
• Support

• PSPF Personnel
• AGSVA NV1/NV2
• ASIO Technical Notes 5/12 SCIF
• ISM Need-to-know

• Security Design Consulting
• Security Awareness Training

Government

SCIF access-control and clearance-verification regime — entry register, brief schedule, two-person controls.

Industry

Cleared-workspace access regime for a defence-industry contractor — clearance verification, briefings, audit cadence.

The Asset

PV · Awareness training · Insider-threat · Staff protection

At the asset, personnel controls split two ways: trust controls (PV clearance, awareness training, insider-threat program, ongoing suitability, exit procedures) and protection controls (workplace-violence response, hostile-customer protocols, executive protection, evacuation drills, staff-safety briefings). The most-trusted people — and the people most worth protecting — converge here.

• Plan
• Support
• Assure

• PSPF Personnel
• AGSVA PV
• PSPF Insider Threat
• WHS Act 2011
• AS 3745 emergency planning

• Security Awareness Training
• Cyber Security Awareness Training
• Security Audits

Government

Insider-threat program design for a security-cleared department — indicators, governance, response protocols, awareness curriculum.

Industry

Critical-staff insider-risk program for an ASX operator — joiner/mover/leaver, exit procedures, awareness, monitoring rights.

Wider Context

Risk appetite · Executive accountability · Continuity governance

Governance sets the rules before controls are designed: risk appetite, executive ownership, regulator engagement, supplier assurance and resilience priorities. Security risk, continuity, crisis and emergency management need one accountable operating model, not separate plans on separate shelves.

• Plan
• Assure

• PSPF Governance
• SA HB 167:2025
• ISO 31000
• ISO 22301
• ISO 22361
• SOCI Act

• Security Risk Assessment
• Business Continuity Consultants
• Critical Infrastructure Risk Management

Government

PSPF Governance attestation and supplier-assurance refresh, with accountability mapped from executive owners to operational controls.

Industry

Board-level security charter, risk appetite and supply-chain assurance framework for an ASX or SOCI-regulated operator.

Outer Perimeter

Site policy · Contractors · Emergency interface

At the perimeter, governance is the policy framework for site access, contractors, vendors, visitors and emergency services. It also defines who can close a gate, lock down a site, receive first responders, account for people and keep critical operations running during an incident.

• Plan
• Assure

• PSPF Governance
• SA HB 188
• AS 3745
• ISO 22320
• ISO 27036 supplier security

• Security Audits
• Emergency Management
• Managed Security Service Provider

Government

Vendor-governance and security-policy refresh for a multi-tenant department — contract clauses, KPIs, audit rights.

Industry

MSSP and contractor-governance regime for a national operator — policy, KPIs, breach notification, audit cadence.

Inner Perimeter

Monitoring & audit · Exercises & lessons learned

Inside the fence, governance is the monitoring, audit and exercising framework that tells executives whether controls, procedures and response teams actually work. This includes exercise schedules, lessons management, corrective-action tracking and readiness reporting.

• Assure

• PSPF Governance
• ISO 19011 audit
• ISO 22398 exercising
• ISO 22301
• PGPA Act compliance

• Security Audits
• Business Continuity Consultants
• Security Awareness Training
• Managed Security Service Provider

Government

Independent control sample-testing and KRI dashboard design for a federal regulator — board-ready quarterly reporting.

Industry

Quarterly security-controls assurance program for a critical-infrastructure operator — KRI dashboard and exception tracking.

Building Envelope

Incident playbooks · Breach reporting

For protected areas, governance is the procedure set for incidents, breach reporting, escalation, continuity workarounds and assurance evidence. The question is not only "is the room secure?" but "what do we do, who decides, and how do we keep operating if it is compromised?"

• Plan
• Assure

• PSPF Governance
• ISO 22361
• ISO 22320
• PSPF Information Security breach reporting
• ASIO Technical Notes

• Security Audits
• Business Continuity Consultants
• Crisis Management

Government

Secure-area SOPs and breach-reporting protocol design for a SECRET-level workspace — assurance evidence pack included.

Industry

Cleared-workspace SOP regime and incident-reporting playbook for a defence-industry contractor — exercised and signed off.

The Asset

Business continuity · Crisis · Emergency · Exercises

At the asset, governance is the continuity and crisis capability that keeps essential services operating: business impact analysis, continuity strategies, crisis team structures, emergency response, communications, decision logs, recovery priorities, exercises and continual improvement.

• Plan
• Assure

• ISO 22301
• ISO 22361
• ISO 22398
• AS/NZS 5050
• AS 3745
• ISO 22320

• Business Continuity Consultants
• Crisis Management
• Emergency Management
• Security Awareness Training

Government

Business continuity and crisis-governance refresh for an agency executive — board-paper templates, decision logs, exercised protocols.

Industry

Board-level continuity and crisis-governance regime for an ASX operator — exercised playbooks, comms protocols, regulator engagement.

Wider Context

Step 1: Establish context · Step 7: Communicate & consult

The risk process starts before design. Step 1 defines scope, criteria and context. Step 7 keeps communication and consultation active with executives, staff, regulators, suppliers and the public throughout the work.

• Assess
• Plan

• SA HB 167:2025
• ISO 31000:2018
• PSPF Risk Management Capability
• Commonwealth Risk Management Policy

• Security Risk Assessment
• Critical Infrastructure Risk Management

Government

Risk-management framework alignment to PSPF and the Commonwealth Risk Management Policy — scope, owners, tolerances, comms cadence.

Industry

Enterprise risk-register scoping for an ASX operator with a multi-state footprint — tolerances and reporting lines defined up-front.

Outer Perimeter

Step 2: Identify risks — at the perimeter

Step 2 identifies the threats and vulnerabilities most likely to reach the site first: hostile vehicles, intruders, surveillance, drones, deliveries and public approaches. It is the inventory of what may try to get in.

• Assess

• SA HB 167:2025
• ISO 31010
• PSPF Threat Assessment
• ASIO Technical Notes

• Security Risk Assessment
• Counter Terrorism Consulting

Government

All-hazards perimeter risk-identification workshop for an agency HQ — threats, vulnerabilities and asset criticality mapped.

Industry

Crowded-place identification for a stadium operator — terrorism, crime, crowd dynamics, adjacent-asset spillover.

Inner Perimeter

Step 3: Analyse risks — control effectiveness

Step 3 tests whether existing controls are credible. CCTV, lighting, sensors, access systems, patrols and monitoring are scored against the threats already identified, so inherent and residual risk are visible.

• Assess

• SA HB 167:2025
• ISO 31010
• NIST SP 800-30
• ISM detection controls

• Security Audits
• Security Risk Assessment

Government

Bow-tie analysis on perimeter and detection layer for a regulator — preventive vs mitigating controls scored against TTPs.

Industry

Control-effectiveness scoring for a corporate campus — CCTV/access/sensors against actual incident history.

Building Envelope

Step 4: Evaluate risks — tolerance & treatment decisions

Step 4 decides what level of risk is tolerable. At the building envelope this often becomes a capital decision: harden walls, change glazing, build a secure room, stage the uplift, or formally accept the risk.

• Plan

• SA HB 167:2025
• ISO 31000:2018
• PSPF Risk Management Capability

• Security Risk Assessment
• Security Design Consulting

Government

Risk-evaluation workshop with executive risk owners — tolerance lines confirmed, capital-treatment decisions endorsed.

Industry

Board-level treatment evaluation for an ASX operator — heat-map calibrated, top-10 risks rebaselined, treatment funding prioritised.

The Asset

Step 5: Treat · Step 6: Monitor & review — at the asset

Steps 5 and 6 protect the asset directly. Treatments are designed, built and operated, then monitored through testing, audit and reassessment. This closes the loop between risk decisions and real performance.

• Plan
• Design
• Support
• Assure

• SA HB 167:2025
• ISO 31000:2018
• ISO 22301
• ISO 22361
• PSPF Physical / Personnel / Information
• ISM controls

• Protective Security
• Business Continuity Consultants
• Security Audits

Government

Treatment plan and ongoing assurance regime for an agency’s critical asset — sequenced, costed, KRI-monitored over a 12-month roadmap.

Industry

Treatment roadmap and quarterly assurance program for an ASX operator — control uplift prioritised by residual-risk reduction.

CCTV — fixed dome camera

A fixed dome camera that gives reliable coverage of rooms, corridors, entries or external areas. It is usually the quiet workhorse of a CCTV system: discreet, tamper-resistant and suited to continuous coverage.

Camera gaps quickly become operational gaps. Good dome coverage helps operators assess incidents in real time, supports investigations later, and gives guards confidence about what is actually happening before they respond.

Feeds the video management system and should be paired with lighting, intrusion detection and access-control events. When an alarm occurs, the right camera view should appear automatically so the operator can verify the event before dispatch.

Agilient designs camera coverage from the risk outward: camera purpose, field of view, lens and lux levels, retention, privacy, analytics use cases, VMS integration and tender-ready specifications.

• AS/NZS 62676
• Privacy Act 1988
• APPs
• ISM CCTV controls
• PSPF retention requirements

• Security Camera & CCTV Consultant
• Electronic Security

CCTV — PTZ pole camera

A steerable camera used to follow activity across larger external areas such as gates, fence lines, car parks and approaches.

PTZ cameras are useful when something is already developing, but they cannot replace fixed coverage. A PTZ pointed in the wrong direction can create false confidence if the rest of the camera design is weak.

Usually controlled from the security control room and paired with fixed cameras that maintain constant coverage. Alarm triggers can call up PTZ presets for fence alarms, gate events, duress or after-hours movement.

Agilient reviews PTZ placement, blind spots, preset logic, fixed-camera ratios, operator workflow and training requirements so the camera supports response rather than becoming a shiny but underused control.

• AS/NZS 62676
• ASIO Technical Notes (perimeter CCTV)

• Security Camera & CCTV Consultant
• Physical Security Consulting

Electronic access control — card reader

A card, fob or mobile-credential reader that controls who can pass through a door, gate or turnstile.

Access control turns security policy into day-to-day enforcement. It limits movement by role, time and zone, and creates the audit trail needed to investigate exceptions.

Should connect to CCTV, intrusion detection, visitor management and HR joiner/mover/leaver processes. Door-forced or denied-entry events should create a clear operator workflow, not just another unreviewed log entry.

Agilient designs zone permissions, credential strategy, joiner/mover/leaver controls, integration requirements and entitlement audits so access rules stay aligned with real roles and clearances.

• AS/NZS 2201 intrusion / access
• PSPF Personnel
• ISM access controls

• Electronic Security
• Security Audits

Biometric reader

A higher-assurance reader that verifies a person using a biometric factor such as fingerprint, iris or vein pattern, usually alongside a card or PIN.

Biometrics are useful where a stolen card is not enough assurance. They also introduce privacy, reliability and fallback issues, so they should be reserved for boundaries where the risk justifies the extra control.

Works through the access-control system as an additional factor. Denials, failures and override events should be visible to operators and supported by CCTV verification and clear fallback procedures.

Agilient assesses whether biometrics are justified, which modality fits the user group, how privacy impacts will be managed, and how the reader should integrate with access control, CCTV and operational procedures.

• ISM access controls
• PSPF Personnel (NV1+)
• Privacy Act 1988

• Electronic Security
• Security Design Consulting

Access-control system controller

The controller and software layer that makes readers, doors, gates, turnstiles and permissions behave as one access-control system.

The reader is only the visible edge. The controller is where permissions, schedules, anti-passback, alarms and integrations live. If this layer is unmanaged, access permissions drift and audit evidence weakens.

Should connect with HR, visitor management, CCTV, intrusion detection, gatehouse operations and the security control room. Door events need to trigger decisions, not disappear into separate systems.

Agilient reviews the access-control architecture, controller placement, permission model, door schedules, integration logic and entitlement evidence so the system remains governable over time.

• AS/NZS 2201 intrusion / access
• Privacy Act 1988
• PSPF Personnel
• ISM access controls

• Electronic Security
• Security Design Consulting

Security guard / patrol

A trained human presence at the gate, reception, patrol route or response point. Guards verify exceptions, help visitors, challenge suspicious behaviour and respond when technology raises an alarm.

Technology detects; people decide and act. Guarding is most valuable when posts, patrols and escalation rules are designed around actual site risk rather than generic coverage hours.

Guard routines should connect to CCTV, radio, duress, visitor management, patrol checkpoints, gatehouse procedures and the control room.

Agilient reviews guard-post purpose, patrol routes, SOPs, supplier performance, licence compliance and escalation workflows so guarding effort is targeted and measurable.

• Security Industry Act (state)
• ASIAL Class 1 / 2 licensing
• PSPF Personnel

• Managed Security Service Provider
• Security Audits

Duress alarm

A discreet button, fob or mobile alert used when staff are threatened, confronted or under coercion.

Duress is a staff-safety control, not just an alarm input. It shortens the path from a person in trouble to a verified response, which matters for reception, interview rooms, cash handling, lone work and high-risk customer interactions.

Should raise a priority alarm with location, identity where appropriate, camera coverage and a defined response path for guards, managers or police.

Agilient designs duress coverage, device selection, monitoring workflow, escalation rules, test schedules and scenario exercises aligned to WHS duties and the site risk profile.

• AS 4485 Workplace duress alarm systems
• WHS Act 2011
• ISO 22320 emergency response

• Duress Alarms
• Security Awareness Training

Intrusion detection (IDS)

An IDS detects unauthorised presence or movement after-hours or inside restricted zones. PIR is the familiar sensor shown here, but a complete system can include door contacts, glass-break, vibration, tamper and alarm-processing logic.

IDS turns a locked building into a monitored building. Poor zoning creates nuisance alarms; good zoning gives operators a credible starting point and helps responders understand where to go first.

Should be monitored by the control room or a Grade A monitoring centre, correlated with CCTV, access-control events and guard patrols. AI can help triage patterns, but response decisions should remain human-confirmed and auditable.

Agilient designs sensor coverage, zoning, false-alarm reduction, CCTV/access-control correlation, monitoring workflows and response testing so alarms are credible and actionable.

• AS/NZS 2201 intrusion detection
• ASIAL Grade A1 monitoring
• Privacy Act 1988
• ISM intrusion controls

• Electronic Security
• Security Audits

AI-assisted detection & analytics

AI-assisted analytics help identify events that matter across CCTV, access control, intrusion alarms and other sensors: a person in a restricted zone, a fence climb, a vehicle in the wrong place or a pattern of alarms that suggests a real incident.

Used well, AI reduces noise and operating cost. It helps teams verify alarms before dispatch, focus patrols on confirmed events and cover large sites where people cannot watch every camera or perimeter point.

Should turn several weak signals into one actionable alert in the control room. For example: a camera detects movement, a perimeter sensor confirms it, the nearest view is presented, and an operator verifies before challenge or dispatch.

Agilient treats AI as a governed control: define the threat scenario, choose interoperable platforms, test false alarms, manage privacy, avoid facial recognition unless justified and lawful, keep a human in the loop and build in regular assurance.

• AS/NZS 62676
• AS/NZS 2201
• Privacy Act 1988
• Australian Privacy Principles
• PSPF Physical Security

• Security Risk Assessment
• Security Camera & CCTV Consultant
• Electronic Security

Glass-break sensor

An acoustic sensor near windows or glazed entries that listens for the pattern of breaking glass.

It detects forced entry at the envelope, before a person is already moving through the building and triggering internal sensors.

Works through the intrusion system, with CCTV and access-control events used to verify the alarm. It should be paired with glazing that delays entry, not only detects it.

Agilient specifies sensor placement, sensitivity, alarm zoning, CCTV pull-up and glazing recommendations so the control is credible in the actual room.

• AS/NZS 2201
• AS 2208 safety glazing

• Electronic Security

Protection of services infrastructure

The power, communications, fuel, water, fire, plant-room and riser services that keep the site operating.

Strong doors and cameras do not help if power, communications, cooling or fire services can be easily damaged or isolated. Service resilience belongs in the security risk assessment and business-continuity conversation.

Critical routes and dependencies should be mapped, single points of failure identified, and high-consequence services protected with access control, barriers, tamper detection, CCTV, lighting, redundancy and response procedures.

Agilient reviews exposed routes, plant-room and riser access, switchboards, comms entries, contractor access, redundancy and treatment options, then turns that into a proportionate uplift plan ready for design or assurance.

• PSPF Physical Security
• SOCI Act where applicable
• AS/NZS ISO 31000
• AS/NZS 5050
• AS/NZS 3000
• WHS Act 2011
• ISO 22301

• Security Risk Assessment
• Physical Security Consulting

Perimeter fence

The first physical boundary — fence type, height, anti-climb topping, footing, gate count and visibility all chosen against a defined intruder-class.

A fence is the visible deterrence and the first delay layer. Time-to-defeat the fence is the time the inner layers buy to detect, assess and respond.

Often paired with perimeter intrusion detection - sensor cable, microwave, radar, thermal analytics or fence-mounted vibration sensors - with CCTV cued by detection and alarms routed to the security control room.

Fence-type selection against threat class, AS 1725 specification, line-of-sight and stand-off design, gate count rationalisation, sensor selection, false-alarm tuning, video verification and response workflow.

• AS 1725 chain-link / wire fences
• AS/NZS 2201 intrusion detection
• PSPF Physical
• ASIO Technical Notes

• Protective Security
• Building Security Consultants

Vehicle gate + boom

A controlled vehicle entry point, usually a gate or boom supported by ANPR, intercom and gatehouse verification.

The gate is the weak point in every perimeter because it must open. Geometry, screening and backup controls decide whether it actually delays and verifies vehicles.

Works with ANPR, intercom, CCTV, access control, guard procedures and HVM barriers so vehicles are slowed, checked and recorded before entry.

Agilient specifies gate type, screening workflow, ANPR and intercom integration, gatehouse procedures and HVM pairing.

• PSPF Physical
• ASIO Technical Notes (vehicle access)
• PAS 68 / IWA 14 (HVM)

• Hostile Vehicle Mitigation
• Physical Security Consulting

ANPR camera

Automatic Number Plate Recognition camera that reads, logs and matches vehicle plates against an allow/deny list.

ANPR speeds approved entry, flags unknown vehicles and creates a searchable audit trail for incidents or repeat approaches.

Feeds access control, the gate or boom, VMS recording and the gatehouse workflow. Vehicle allow-lists need the same governance as staff access.

Agilient reviews camera choice, capture angle, lighting, list management, privacy, and integration with gates, intercoms and the control room.

• AS/NZS 62676
• ISM access controls

• Electronic Security
• Physical Security Consulting

Bollard / hostile-vehicle mitigation

Static or active vehicle barriers, including bollards, planters and kerb geometry, designed to stop or slow a hostile or accidental vehicle approach.

For public entrances and high-profile sites, HVM must be based on the real approach speed and angle. A barrier in the wrong place can look reassuring but fail in practice.

Works with road geometry, gates, access control, CCTV and emergency egress so approved vehicles can move while hostile approaches are slowed or stopped.

Agilient assesses vehicle dynamics, selects suitable rated treatments, checks operational impacts and prepares the design hand-off for engineers and certifiers.

• PAS 68
• IWA 14
• AS 3845 road-safety barriers
• PSPF Counter-Terrorism

• Hostile Vehicle Mitigation

Gatehouse / guard hut

A staffed post at the vehicle entry where guards verify drivers, deliveries and exceptions before vehicles move deeper into the site.

A gatehouse only works when the guard has clear authority, usable systems and tested procedures. Otherwise it becomes a passive checkpoint.

Uses local CCTV, ANPR, intercom, visitor management, radio and escalation paths to the control room and site managers.

Agilient designs gatehouse procedures, guard instructions, workstation layout, escalation rules and supplier performance measures.

• PSPF Personnel
• Security Industry Act (state)
• ASIAL Class 1 / 2 licensing

• Managed Security Service Provider
• Security Audits

Security lighting

Pole, wall or bollard lighting that supports CCTV performance, deterrence and safe staff movement after-hours.

Cameras need usable light, not just bright light. Poor lighting creates glare, shadows and false confidence.

Lighting should match camera fields of view, pedestrian routes, patrol routes and control-room switching so operators can illuminate a specific zone when needed.

Agilient models lux levels, checks glare and dark zones, aligns lighting to camera specifications and recommends practical retrofit options.

• AS 1158 lighting for roads and public spaces
• ISM CCTV controls

• Electronic Security
• Security Design Consulting

Security control room

The nerve centre where operators bring together CCTV, access control, intrusion detection, duress, intercom, lighting, guards and emergency contacts.

Separate technologies only become useful when someone can see, verify, prioritise and respond. The control room turns alerts into decisions.

Receives alarms, pulls relevant camera views, tracks movement, activates approved response actions and records an auditable decision trail.

Agilient designs control-room layouts, console ergonomics, integration requirements, operating procedures, shift handover, exercises and monitoring-provider performance measures.

• ISO 11064 ergonomic design of control centres
• AS/NZS 2201
• AS/NZS 62676
• Privacy Act 1988
• ISM monitoring controls
• ASIAL Class 1 / 2 licensing

• Managed Security Service Provider
• Security Design Consulting
• Security Audits

Comms cabinet

A lockable cabinet for switches, patch panels, fibre terminations and local security or IT network equipment.

A poorly controlled comms cabinet gives insiders or contractors a simple place to tap, disconnect or damage the network.

Cabinet access should be logged, alarmed and visible to CCTV, with vendor access tied to approved work orders.

Agilient specifies cabinet location, locks, tamper contacts, CCTV pairing, alarm tuning and contractor access rules.

• AS/NZS ISO/IEC 11801 cabling
• ISM physical security
• PSPF Information Security

• Electronic Security
• Security Audits

Server rack

A locked rack for servers, storage and network gear inside a server room or data hall.

This is where critical systems physically live. If rack or room access is loose, logical security starts from a weak foundation.

Rack access, environmental alarms, out-of-band management and building services should be monitored through defined security and continuity workflows.

Agilient reviews server-room hardening, rack locks, access logging, environmental alarms, out-of-band design and continuity dependencies.

• TIA-942 data centre
• ISM physical security
• AS 3555 forced entry

• Security Design Consulting
• IT Disaster Recovery Planning

Secure / SCIF room

A certified room for classified or highly sensitive work, using rated construction, acoustic or RF treatment, endorsed locks and approved containers.

For classified work, the room is part of the asset. Construction, access rules and staff procedures must align before certification can be relied on.

Works with access control, biometrics where justified, lobby CCTV, door-held alarms, container registers and classified-handling procedures.

Agilient prepares SCIF and secure-room design packages covering wall ratings, acoustic and RF treatment, containers, access control and certifier hand-off.

• ASIO Technical Notes 5/12 SCIF
• PSPF Information Security
• AS 3555 forced entry

• Security Design Consulting
• Building Security Consultants

X-ray scanner / mail screening

Screening equipment at reception, mail rooms or loading docks used to inspect bags, parcels and mail before they enter controlled areas.

Screening creates a managed checkpoint between an external sender or visitor and the internal asset. It must match the threat profile and WHS setting.

Operated by trained staff, with clear escalation to the control room, a competent person and emergency services for suspect items.

Agilient designs screening protocols, operator competency, mail-handling procedures, escalation pathways and rehearsal programs.

• ARPANSA radiation protection
• PSPF Counter-Terrorism
• AS 4801 mail handling guidance

• Counter Terrorism Consulting
• Protective Security

Turnstile / speed-gate

A lobby control that enforces one person per credential using an optical speed-gate, full-height turnstile or similar barrier.

Reception is often the busiest boundary. Turnstiles make access rules enforceable and reduce tailgating without relying only on staff challenge.

Works with card or biometric readers, visitor management, CCTV, tailgate alarms and accessible entry routes.

Agilient assesses barrier type, reader pairing, throughput, queueing, accessibility and integration with visitor procedures.

• AS/NZS 2201 access control
• Disability Discrimination Act / DDA accessibility

• Electronic Security
• Building Security Consultants

Internal road & approach geometry

The vehicle route from the outer gate to the building drop-off, including curves, gradients, kerbs, sightlines and speed-control features.

A straight, fast approach gives an attacker momentum. A shaped approach slows vehicles, improves verification and gives barriers time to work.

Road geometry should align with stand-off distance, bollard ratings, gate timing, ANPR capture, CCTV coverage, lighting and pedestrian crossings.

Agilient assesses vehicle speed, mass and angle, then designs chicanes, kerbs, planters, bollard sequences and civil hand-off requirements.

• AS 3845 road safety barriers
• PAS 68 / IWA 14 HVM
• PSPF Counter-Terrorism
• ASIO Technical Notes (vehicle access)

• Hostile Vehicle Mitigation
• Physical Security Consulting
• Security Design Consulting

Inner-perimeter boom / secondary access control

A second vehicle control inside the fence, usually a boom with card, fob or ANPR verification.

It separates public visitor movement from staff, delivery or authorised-vehicle areas, adding a second decision point before the building.

Works with access control, ANPR, CCTV, gatehouse procedures and refusal workflows, with a safe way for denied vehicles to turn around.

Agilient reviews boom location, reader choice, ANPR pairing, gatehouse integration, refusal handling and control-room workflow.

• AS/NZS 2201 access control
• AS/NZS 62676 CCTV
• PSPF Physical

• Electronic Security
• Physical Security Consulting

Visitor / staff car park (outer perimeter)

Car parks sit in the outer perimeter but often become a site's most exposed public interface. They need to protect people, vehicles and the transition into the building through clear sightlines, bright lighting, CCTV, controlled access, help points, patrol routes, emergency call points and a safe path to reception or the staff entry.

Vehicle theft, theft from vehicles, vandalism and personal-safety incidents are common Australian risks. Staff and visitors can be most vulnerable in car parks because they are open, lightly supervised and used early morning, late evening or after shifts. Secure parking is not just amenity; it is part of WHS duty of care, visitor confidence and the organisation's first impression of security.

Car-park controls should work as a joined system: lighting designed for CCTV performance, cameras covering entries/exits/aisles/payment or help points, controlled access through boom gates, cards, PINs, mobile credentials or licence-plate recognition, duress and intercom points linked to the control room, patrols focused on high-risk times, and clear pedestrian routes from parking to the controlled building entry.

Agilient reviews car parks against the actual operating risk: public visitor flow, staff shift times, known crime patterns, vehicle mix, disability access, payment or ticketing locations, sightlines, lighting levels, camera coverage, patrol response, duress/help-point spacing, after-hours escorts and integration with access control or licence-plate recognition. Outputs are practical: quick wins, design changes, technology requirements and operating procedures.

• AS 1158 lighting for roads and public spaces
• AS/NZS 62676 CCTV
• AS 4485 workplace duress
• WHS Act 2011
• ISO 22341 CPTED
• AS 2890 parking facilities

• Building Security Consultants
• Duress Alarms
• Electronic Security
• Security Awareness Training

Speed bump / traffic calming

Speed bumps, raised crossings, rumble strips and signs that force slower vehicle movement on internal roads.

Traffic calming makes other controls work. A slow vehicle is easier to read, challenge, stop and separate from pedestrians.

Should align with HVM ratings, road geometry, ANPR capture, pedestrian crossings, lighting and emergency vehicle access.

Agilient designs traffic-calming layouts with HVM, access control, pedestrian safety and civil engineering requirements in mind.

• AS 2890 parking facilities
• AS 3845 road safety barriers
• PSPF Counter-Terrorism

• Hostile Vehicle Mitigation
• Physical Security Consulting

Pedestrian path & approach

The staff and visitor walking route from parking or the site entry to reception or the controlled staff entry.

A good path uses CPTED before technology: clear sightlines, no concealment, visible ownership and safe movement after-hours.

Lighting, CCTV, duress, intercoms, landscaping, accessibility and wayfinding should all support the same safe route.

Agilient reviews pedestrian routes for CPTED, lighting, camera coverage, after-hours safety, accessibility and practical route changes.

• ISO 22341 CPTED
• AS 1158 lighting
• AS 1428 accessibility

• Building Security Consultants
• Security Design Consulting

CPTED — Crime Prevention Through Environmental Design

A design method that reduces crime opportunity by shaping how people see, move through and use a place. It is practical, low-friction security before expensive technology is added.

Most powerful at Wider Context · Outer Perimeter · Inner Perimeter — but applied across the whole site.

Agilient applies CPTED during site walks, design reviews and crowded-place assessments. We identify blind spots, concealment, poor routes and weak ownership cues, then recommend practical design changes.

• Natural surveillance — design so legitimate users naturally see what is happening (sightlines, lighting, transparent boundaries).
• Natural access control — physical and symbolic features that guide where people can and cannot go (paths, signage, level changes).
• Territorial reinforcement — clear public / semi-public / private boundaries that signal ownership and care.
• Maintenance & management — well-maintained environments deter offenders; broken-window theory in practice.

• ISO 22341 — Security and resilience — Protective security — Guidelines for crime prevention through environmental design
• ANZ Crime Prevention Through Environmental Design guidelines
• State planning policies (NSW, VIC, QLD, WA, SA CPTED guides)

• Security Risk Assessment
• Building Security Consultants
• Counter Terrorism Consulting

Security-in-depth strategy

A layered strategy where each control backs up the next. If one layer fails, the attacker still has to face another layer of deterrence, detection, delay, denial and response.

Cross-cutting — applies at every layer simultaneously.

Agilient maps existing controls to their protective effect and identifies weak layers, single points of failure and practical treatment priorities.

• Deter — make the site less attractive than alternatives.
• Detect — recognise an attempt as early as possible (ideally outside the fence).
• Delay — buy time for response between detection and asset compromise.
• Deny — prevent the attacker reaching the asset even after penetrating outer layers.
• Respond — guards, control room, police, BCM activation.

• PSPF Physical Security
• ASIO Technical Notes
• NIST SP 800-160 Vol 2 (cyber resilience)

• Security Risk Assessment
• Physical Security Consulting

R2D3 — Agilient 's integrated controls framework

Agilient 's framework for assessing security controls as one integrated posture. R2D3 groups controls by five protective effects - Deter, Delay, Detect, Respond and Recover - across physical, people, information and cyber domains.

Cross-cutting framework used during risk analysis and treatment design. Many controls contribute to more than one protective effect.

Agilient maps controls into the five-effect grid, scores their contribution, identifies gaps and gives executives one integrated view of control effectiveness.

• Deter - visible and procedural controls that discourage attack or misuse.
• Delay - barriers, zoning and rules that slow or channel adversaries.
• Detect - systems and behaviours that identify abnormal or unauthorised activity.
• Respond - people, procedures and command arrangements that contain incidents.
• Recover - continuity, restoration and improvement controls that restore capability.

• SA HB 167:2025 Security risk management
• ISO 31010 risk-assessment techniques
• ISM control assurance
• PSPF Physical / Personnel / Information / Cyber capabilities

• Security Risk Assessment
• Security Audits
• Protective Security

Electronic security review process

A structured review of CCTV, access control, intrusion detection, duress, lighting and integration. It focuses on real performance, not just whether equipment exists.

Inner perimeter — but spans the building envelope and the outer perimeter ANPR / gate equipment too.

Agilient runs vendor-neutral reviews, removes duplication, tunes detection logic and produces prioritised uplift plans and tender-ready specifications.

• Coverage modelling — what each camera and sensor can actually see.
• Integration audit — does CCTV pull on alarm, does access control talk to HR, does intrusion logic suppress nuisance from cleared staff.
• Lifecycle review — age, end-of-life, vendor support, migration paths.
• Cost-to-protect alignment — value of the asset vs the security spend per zone.

• AS/NZS 62676 CCTV
• AS/NZS 2201 intrusion / access
• ISM detection controls

• Electronic Security
• Security Camera & CCTV Consultant
• Security Audits

Document review & development process

A method for reviewing security policies, procedures, plans and registers, then drafting or refreshing the pieces that are missing or no longer fit for purpose.

Information × Core (classified handling) and Governance × Inner (audit framework). Cross-cuts every domain in practice.

Agilient uses this in PSPF uplift, SOCI readiness and governance refresh work, writing in the client's house style where needed.

• Inventory — what exists, version-controlled, owner identified.
• Gap-map — what's missing against the applicable framework (PSPF / ISM / ISO).
• Quality assessment — is each document fit for purpose, current, and actually used.
• Develop or refresh — draft new or rewrite existing, in client house style.
• Adoption package — exec briefing, training pack, review cadence.

• PSPF Information Security
• ISM document controls
• ISO/IEC 27001

• Security Audits
• Security Awareness Training

8-step Business Continuity process

Agilient 's structured process for designing, documenting, exercising and assuring business continuity capability end to end.

The Asset (core) — but feeds crisis management, emergency planning, technology recovery and supplier resilience across the whole organisation.

Agilient can deliver the full cycle or a focused piece such as impact analysis, plan development, exercising or assurance.

• 1. Programme initiation and governance.
• 2. Business impact analysis.
• 3. Risk and threat assessment.
• 4. Continuity strategy selection.
• 5. Continuity plans, procedures and crisis communications.
• 6. Awareness, training and competency.
• 7. Exercising and testing.
• 8. Maintenance, review and continual improvement.

• ISO 22301
• AS/NZS 5050
• ISO 22317 impact analysis
• ISO 22318 supply-chain continuity
• ISO 22398 exercises
• AS 3745 emergency planning

• Business Continuity Consultants
• Crisis Management
• Emergency Management
• IT Disaster Recovery Planning

Crisis, emergency and exercise program

A practical program that turns crisis, emergency and continuity plans into rehearsed capability through briefings, exercises, reviews and corrective-action tracking.

Governance & Resilience across every layer, with strongest emphasis at the asset/core and in the control-room response model.

Agilient designs and facilitates executive crisis exercises, continuity exercises, emergency drills and cyber-physical scenarios, then provides concise findings and actions.

• Scenario design — credible disruption scenarios tied to the client's risks and critical services.
• Roles and decision rights — who leads, who advises, who communicates, and what decisions must be logged.
• Exercise conduct — tabletop, functional or live exercise formats scaled to risk and maturity.
• Evaluation — observations, evidence, lessons, corrective actions and retest dates.
• Improvement — updates to plans, training, communications, suppliers and executive reporting.

• ISO 22361 crisis management
• ISO 22398 exercises
• ISO 22320 emergency management
• AS 3745 facility emergency planning
• ISO 22301 business continuity

• Crisis Management
• Emergency Management
• Business Continuity Consultants
• Security Awareness Training

PSPF compliance roadmap

A staged roadmap from current PSPF maturity to a defined target state across Governance, Information, Personnel, Physical and Cyber.

Governance domain primarily — but every other domain delivers evidence into it.

Agilient runs PSPF uplift programs and supports CSOs through attestation, evidence collection and independent control testing.

• Maturity baseline — PSPF self-assessment against current capability.
• Target-state definition — what "good" looks like for this entity.
• Gap inventory and treatment plan — sequenced by risk, dependency and budget.
• Evidence collection — the artefacts that demonstrate compliance.
• Annual attestation cycle — independent test, executive briefing, attest.

• PSPF 2024/2025
• PGPA Act
• Commonwealth Risk Management Policy

• Security Audits
• Security Risk Assessment

Tailored training cycle

A four-stage cycle for security awareness, role-specific competency, executive briefings and exercises. It is designed to build capability, not just tick a box.

Personnel × Core, but applies across every domain wherever staff capability is part of the control.

Agilient designs training for cyber awareness, protective security, insider threat, continuity and crisis leadership, tailored to each audience and risk profile.

• Diagnose — what does this audience need to do, and what do they currently know?
• Design — modular content tailored to roles, risks and regulatory drivers.
• Deliver — face-to-face, online, or blended; with measurable assessment.
• Sustain — refresh cadence, measurement, exercise, board-level reporting.

• PSPF Security Awareness
• ISO 22398 exercises
• ISO 22361 crisis leadership
• AS 3745 emergency training
• WHS Act 2011

• Security Awareness Training
• Cyber Security Awareness Training

Hostile reconnaissance — surveillance & target packaging

Pre-attack observation of a site, from a passing photograph to repeated visits that map guard routines, deliveries, gates, executive arrivals and weak fence lines.

Reconnaissance is often the earliest visible warning of a planned attack or disruption. Detecting it early lets a site intervene while the threat is still outside the boundary.

Agilient designs detection, deterrence and disruption measures: tuned CCTV analytics, repeat-plate ANPR alerts, staff reporting channels, unpredictable patrols, friendly challenge, neighbourhood liaison and agreed escalation to police.

• Vehicles parked with line of sight to gates, guard posts or staff entries.
• Walk-by photography of access points, signage, security equipment and shift changes.
• Pretext visits as a courier, surveyor, prospective tenant, journalist or lost driver.
• Drone overflight (see separate threat card).
• Social-media trawling for staff routines, executive movements, internal building photos, and access-card design.
• Repeated unknown vehicles on approach roads or near staff entries.
• Staff probing through social media, professional networks or fake research requests.

• CCTV analytics tuned for loitering, repeat presence and pattern-of-life detection.
• ANPR with repeat-unknown-plate alerting and aggregate-pattern review.
• Behavioural-detection officer (BDO) training for security guards, reception and front-of-house staff.
• See-Something-Say-Something reporting workflow with simple submission and visible follow-up.
• Neighbourhood liaison programme with adjacent businesses, council, and local police.
• OSINT monitoring of social-media exposure of staff and assets.
• CPTED treatment of approach roads and adjacent public space (natural surveillance, sightline management)

• PSPF Counter-Terrorism
• ANZ Counter-Terrorism Committee guidelines
• ASIO T4 outreach advice
• UK Project Servator (origin model)
• ISO 22341 CPTED

• Counter Terrorism Consulting
• Security Risk Assessment
• Security Awareness Training
• Managed Security Service Provider

Drone overflight — adversary UAS surveillance & weaponisation

Use of small drones for surveillance, payload delivery, electronic probing or disruption. The risk can involve consumer drones, modified platforms or coordinated flights.

Drones bypass fences, walls and guards. They can collect imagery, drop items, disrupt operations or force precautionary shutdowns, while active countermeasures remain tightly restricted in Australia.

Agilient builds counter-UAS strategies around risk, legality and response. We review airspace status, credible threat scenarios, detection options, notification pathways, control-room playbooks and staff sighting procedures.

• Aerial photography of secure areas, routes, roof plant and guard positions.
• Payload drop of contraband, a device or other harmful item over a fence or roof.
• Wireless probing from airspace near the target.
• GPS spoofing of friendly drones (BVLOS deliveries, agricultural, industrial inspection).
• Multiple drones used to distract operators or overwhelm detection.
• Operational disruption where a sighting triggers a shutdown or response.

• RF-based UAS detection — drone signature libraries (DJI Aeroscope, DroneShield RfPatrol, Dedrone) — most cost-effective for commodity threats.
• Passive radar / acoustic detection for non-RF drones and where RF detection is restricted.
• EO/IR cameras with drone-tracking analytics, integrated with the security control room.
• Pre-defined notification protocols with CASA, AFP, and (for SOCI entities) the relevant regulator.
• Controlled-airspace declarations (Restricted Areas, Prohibited Areas, Temporary Restricted Areas) where eligibility applies.
• Counter-UAS incident-response playbook integrated with BCM.
• Staff visual-sighting awareness — most drones are spotted by people first, not sensors.

• CASA Part 101 (UAS operations)
• Civil Aviation Act 1988
• PSPF Counter-Terrorism
• SOCI Act (critical infrastructure)
• ASIO T4 counter-UAS advice
• NIST guidance on UAS security

• Counter Terrorism Consulting
• Critical Infrastructure Risk Management
• Security Design Consulting
• Security Audits

Server room

Z3 / Z4 — Secure

The technology core of the building: servers, storage, network equipment and the services that keep them running.

If this room is compromised, physical access can undermine many logical controls. Hardware trust starts with room control.

Agilient reviews room construction, access control, monitoring, environment, fire suppression, out-of-band management and DR dependencies.

• TIA-942 data centre
• ISM physical security
• PSPF Physical Z3 / Z4
• AS 3555 forced-entry resistance

Comms room

Z2 / Z3 — Working / Secure

The point where trunk cabling, distribution switches and active network gear connect to the rest of the floor.

A neglected comms room gives insiders or contractors a place to tap, mirror or damage networks without passing through normal cyber controls.

Agilient reviews locks, alarms, tamper detection, contractor access, monitoring and current access entitlements.

• AS/NZS ISO/IEC 11801 cabling
• ISM physical security
• PSPF Information Security

Secure room / SCIF

Z4 / Z5 — Highly Secure

A certified room for classified information, with rated construction, acoustic and RF treatment, approved locks and certified containers.

For classified work, the room is part of the asset. Construction, certification and staff procedures all have to align.

Agilient prepares wall, RF, acoustic, container and access-control design inputs for SCEC-endorsed certifier hand-off.

• ASIO Technical Notes 5/12 SCIF
• PSPF Information Security
• AS 3555 forced-entry resistance

Executive office

Z3 — Secure

Senior leadership space where sensitive conversations, documents and high-profile people often converge.

Executive offices can attract intelligence, media, protest or personal-safety risk, while also hosting sensitive decisions.

Agilient reviews layout, acoustic and visual privacy, secure storage, handling routines, awareness and crisis-team links.

• PSPF Personnel
• PSPF Information Security
• WHS Act 2011

Security control room

Z3 — Secure

The operating point where CCTV, access control, alarms, duress, intercoms, lighting and response contacts come together.

A control room turns separate systems into decisions. Without it, alarms can be missed and cameras only become evidence after the event.

Agilient designs control-room layout, consoles, integration, procedures, shift handover, emergency links and provider performance measures.

• ISO 11064 ergonomic design of control centres
• ISM monitoring controls
• ASIAL Class 1 / 2 licensing

Open-plan office

Z2 — Working

The general working zone for desks, meeting rooms and collaboration areas.

This everyday area often contains the most people, laptops, screens and routine sensitive handling, so small control failures matter.

Agilient reviews clean-desk rules, screen privacy, visitor escort, after-hours work, duress placement and staff-safety needs.

• PSPF Information Security
• PSPF Personnel
• WHS Act 2011
• AS 4485 workplace duress

Reception / lobby

Z1 — Public

The first transition from public to controlled space, covering visitor management, screening, identity checks and escort hand-off.

Reception is where pretexting, tailgating and hostile-customer incidents most often meet staff.

Agilient designs reception protocols, visitor flow, behavioural detection training, screening, turnstile integration and staff-safety procedures.

• PSPF Personnel
• PSPF Counter-Terrorism
• AS/NZS 2201 access control
• WHS Act 2011

Visitor waiting

Z1 — Public

The public waiting area after sign-in and before escort or screening is complete.

A well-designed waiting area gives staff time and visibility before access is granted; a poor one creates a dwell point for risk.

Agilient reviews sightlines, seating, screens, duress, CCTV coverage and escort-call procedures.

• PSPF Counter-Terrorism
• CPTED principles
• WHS Act 2011